Tuesday, 4 July 2017

New Variant Petya Ransomware Virus Attack

WannaCry ransomware is a infamous virus affected more than 230,000 computers in 150 countries, causing chaos for critical infrastructure components and traffic grids.

A latest variant ransomware, Petya, (also called Petrwrap) is going global fast and began spreading internationally on Tuesday, June 27. Petya rapidly spread through both government and corporate networks, encrypting sensitive data and demanding a ransom for its return. The ransomware exploits the vulnerability in Microsoft Windows implementation of the Server Message Block (SMB) protocol is the same malware with old techniques that was exploited by the recent WannaCry ransomware.

It encrypts a system’s master boot record (MBR) and files. The disk inaccessible and prevents most users from recovering anything on it. This ransomware then writes to the MBR and then sets up the system to reboot. It sets up scheduled tasks to shut down the machine after at least 10 minutes past the current time.

When successfully modifying the MBR, it displays the following fake system message, which notes a supposed error in the drive and shows the fake integrity checking:

Blogger Community

July 2019 Top Supporters

Statistics

…

Posts

…

Pageviews

Subscribe This Blog

A personal blog about the author's life, family, working career, study, hobby and others to be shared. The author is not liable for any loss incurred by the visitors while using the information from this blog.